One of the quickest and simplest ways you can drastically improve your privacy is by using secure DNS/name servers. It costs nothing, takes a couple of seconds and is available in most hardware and software these days. Specifically, I'd recommend using DNS over HTTPS (DoH).
Traditional DNS queries are sent in plain text, meaning ISPs, network administrators and anyone sniffing your WiFi can see what websites you visit. DoH encrypts these DNS queries, preventing third parties from snooping on your browsing activity. Without encryption, attackers can perform DNS spoofing (cache poisoning) or MITM (Man In The Middle) attacks, redirecting you to malicious websites.
A lot of the blocking / censorship that is done on national levels, such as the great firewalls of China, Italy, France, etc., is done on the DNS level. Circumventing them is as simple as using a DNS provider not in one of those countries. Yes, they're getting more sophisticated, sometimes requiring using a VPN since they've begun analyzing packets, but it's worth keeping in mind that inspecting each packet is VERY intense. They're not doing that for all traffic and all destinations, thus simply switching to an encrypted DoH server will negate the firewalls.
But by far the most valuable aspect of encrypted DNS is that your browsing history and a complete profile of you as a person won't be sold by your ISP or other service providers to every single data broker in the world.
Which provider
There are many out there and I really don't want to cast shade on them, so instead I'll just say that I've opted for Quad9. The reasons are multiple; here are the most important ones.
1. No logs.
2. Quad9 is a non-profit. It isn't attempting to make money by selling your private information.
3. Does not cooperate with ISPs or governments.
4. It has a global network, making it just that much faster than the smaller operators. Since I began using it I've only had issues a single time, for around two hours.
I'm certain you can find other great DoH providers. Just make sure you never use one like Google, Microsoft or even Cloudflare (now that they've begun cooperating with governments).
DoH on browsers
For a Chromium-based browser like Brave, Edge or Chrome, just go to:
Settings -> Privacy and security -> Security -> Use Secure DNS -> And type your DNS provider ( in my case)
For Firefox:
Settings > Network Settings > Enable DNS over HTTPS
DoH on routers
Yes, there's a good chance of your router supporting it. Enabling it both here and in the browser is very useful, since your operating system and most applications will likely default to the nameservers your router provides as they acquire their local IPs. I can't give you specific information since there are so many routers out there, but check the admin interface and you'll likely find it.
DoH on operating systems
Again, there are so many flavors of operating systems that I won't go into details, but it's generally supported by most, if not all.
There's no reason not to use DoH. It's fast, simple, free as in beer, free as in freedom, increases reliability and generally puts you firmly in the cool guy club.